← Back

Secondlinethemes

secondlinethemes

4 CVEs • 3 products

Products (3)

Click to collapse
Toggle

CVEs (4)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
1Secondlinethemes
1Podcast Subscribe Buttons
Jun 17, 2026
Oct 20, 2023
N/A· v4
5.4 MEDIUM· v3
N/A· v2
The Podcast Subscribe Buttons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'podcast_subscribe' shortcode in versions up to, and including, 1.4.8 due to insufficient input sanitization and output...Show more
The Podcast Subscribe Buttons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'podcast_subscribe' shortcode in versions up to, and including, 1.4.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.Show less
1Secondlinethemes
1Auto Youtube Importer
Jun 17, 2026
May 22, 2023
N/A· v4
8.8 HIGH· v3
N/A· v2
Cross-Site Request Forgery (CSRF) vulnerability in SecondLineThemes Auto YouTube Importer plugin <= 1.0.3 versions.
1Secondlinethemes
1Podcast Importer Secondline
Jun 17, 2026
Apr 11, 2022
N/A· v4
7.2 HIGH· v3
6.5 MEDIUM· v2
The Podcast Importer SecondLine WordPress plugin before 1.3.8 does not sanitise and properly escape some imported data, which could allow SQL injection attacks to be performed by imported a malicious podcast file
1Secondlinethemes
1Podcast Subscribe Buttons
Jun 17, 2026
Oct 18, 2021
N/A· v4
5.4 MEDIUM· v3
3.5 LOW· v2
The Podcast Subscribe Buttons WordPress plugin before 1.4.2 allows users with any role capable of editing or adding posts to perform stored XSS.